In the wake of the COVID-19 pandemic, companies are increasingly calling on employees to work from home. Hospitals, clinics and doctor’s offices are preparing for massive numbers of infections, not only of patients but also healthcare workers. Colleges and universities are sending students home en masse. Sporting events are considering playing in empty arenas. Airlines and other travel sites are suffering massive disruption.
Computer security to the rescue!
Yes, you read that right. A good deal of the effective response to the COVID-19 virus will depend on infrastructure. Reliable. Ubiquitous. Adaptable. Secure infrastructure. For years I have been arguing that we are thinking about information security all wrong. We think of it as a cost—something we are required to spend money on (money that would be better spent on other things like big bonuses, right?) and we have to spend that money to be “compliant” with some damned law or government regulation. HIPAA-HITECH. GLBA. GDPR. CCPA. NIST. PCI-DSS. FERPA. Name your regulation. If all you want to be is compliant, all you will be is compliant.
Well-thought-out information security is not a cost—it’s an enabler. It’s what allows employees to get access through a VPN to sensitive files and documents remotely without increasing (well, without substantially increasing) the risk that the sensitive data will be exposed. It’s what permits access to data on smartphones, iPads and IoT devices. Security enables telework, teleconferencing and online collaboration. It provides the infrastructure for the collection and analysis of data, including data related to infections, spread and containment. It helps identify and secure the entire supply chain, even if that supply chain is disrupted. Security enables consumer access to business online resources such as online ordering, communication and consultation. If you are forced to work from home because of the virus, at least for many industries, this can be done with minimal disruption (provided you still have internet connectivity).
In preparing for Y2K, many New York City-based brokerages co-located facilities across the Hudson River in places such as Jersey City just in case there was a disruption come Jan. 1, 2000. There wasn’t. It seemed like a monumental waste of resources. Except that on Sept. 11, 2001, as the twin towers burned, the existence of colocation sites, hot sites and warm sites limited the disruption and allowed some business activity to continue. Cybersecurity includes cyber-resilience. And that’s resilience to all kinds of viruses—electronic and biological.
Certainly, the COVID-19 disruptions will impact business, and good computer hygiene will not be a panacea. The internet has its own supply chain which may be subject to disruption if there are massive societal disruptions due to the virus. But, for the time being, the mere existence of a secure business connection can help mitigate some of the impacts of physical and biological disruption. Good computer security, including DR/BCP, data mapping, remote access, authentication and access control, perimeter security and the like, enables us to respond effectively.
So stop looking at security as a necessary cost or a necessary evil. It is an essential component of any IT deployment. And hey, let’s stay safe out there!
— Mark Rasch